hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,886 Commits 1,671 Branches 157 Tags
codeql-cli-2.1.4-cloudbuild
Commit Graph

3270 Commits

Author SHA1 Message Date
Esben Sparre Andreasen
eaff78b37e JS: change severity to warning 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
1de1c15919 JS: minor fixups 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
2ad9b843ae JS: fix FP for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
cfd567f01d JS: fix FP for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
9e247921fc JS: add FP tests for js/unsafe-jquery-plugin 2020-01-31 19:33:04 +01:00
Esben Sparre Andreasen
fef918ac13 JS: add query "Unsafe jQuery plugin" 2020-01-31 19:33:04 +01:00
semmle-qlci
d995d5a4a0 Merge pull request #2716 from esbena/js/additional-koa-requests 
Approved by erik-krogh
 2020-01-31 18:30:42 +00:00
Erik Krogh Kristensen
84be6e1286 update docString on getAnAliasedSourceNode 2020-01-31 15:38:19 +01:00
Erik Krogh Kristensen
32bcb18cdf add pragma[inline] to getAnAliasedSourceNode 2020-01-31 15:35:38 +01:00
Erik Krogh Kristensen
72114a48f5 rename getASourceAccess to getAnAliasedSourceNode 2020-01-31 15:34:58 +01:00
Erik Krogh Kristensen
e6d46b9279 add test for new prefix check on TaintedPath 2020-01-31 12:35:03 +01:00
Erik Krogh Kristensen
b6611b1fb3 add "slice" as a recognized prefix method in ClientSideUrlRedirectCustomizations.qll 2020-01-31 12:24:12 +01:00
Erik Krogh Kristensen
279c584bb8 fix FP in js/path-injection by recognizing more prefix checks 2020-01-31 11:03:11 +01:00
semmle-qlci
f8d0b4e602 Merge pull request #2618 from erik-krogh/ExceptionalPromise 
Approved by asgerf
 2020-01-31 07:59:09 +00:00
Esben Sparre Andreasen
5f1317fa2d JS: model path.parse and its ponyfill package: "path-parse" 2020-01-30 21:26:18 +01:00
Esben Sparre Andreasen
5b5f52979d JS: add uniform support for path, path.posix and path.win32 2020-01-30 21:26:18 +01:00
Erik Krogh Kristensen
8fc273b9ec update expected output 2020-01-30 15:19:27 +01:00
semmle-qlci
3158b8401a Merge pull request #2705 from erik-krogh/CVE75 
Approved by asgerf
 2020-01-30 13:07:05 +00:00
semmle-qlci
120b50f497 Merge pull request #2708 from asger-semmle/js/react-flow-through-imports 
Approved by esbena
 2020-01-30 13:05:07 +00:00
Erik Krogh Kristensen
162c19c348 changes based on review 2020-01-30 14:04:04 +01:00
Asger F
b88cc50cdb Apply suggestions from code review 
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-01-30 12:42:58 +00:00
Asger Feldthaus
1bf8165098 TS: Other review comments 2020-01-30 12:41:02 +00:00
Asger Feldthaus
92dbfb2858 JS: Handle LGTM_WORKSPACE and fix emptiness check 2020-01-30 12:31:25 +00:00
Asger Feldthaus
141d4bfb70 TS: Handle multiple slashes in scope name 2020-01-30 12:28:16 +00:00
Erik Krogh Kristensen
7637ebcc03 Merge remote-tracking branch 'upstream/master' into exceptionFPs 2020-01-30 10:56:41 +01:00
Esben Sparre Andreasen
31743c42e5 Update javascript/ql/src/semmle/javascript/frameworks/Koa.qll 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-01-29 20:28:29 +01:00
Esben Sparre Andreasen
a6d3afd817 JS: support additional Koa request sources 2020-01-29 14:49:01 +01:00
Esben Sparre Andreasen
d4d910b681 JS: add koa test 2020-01-29 14:41:23 +01:00
Anders Schack-Mulligen
743b612d0d Javascript/Python: Sync XML.qll 2020-01-29 13:31:25 +01:00
Erik Krogh Kristensen
b8834ffcad add support for private fields in classes 2020-01-29 13:10:45 +01:00
semmle-qlci
fb90c2ba52 Merge pull request #2681 from asger-semmle/csrf-only-session-cookie-access 
Approved by erik-krogh, max-schaefer
 2020-01-29 10:46:48 +00:00
Erik Krogh Kristensen
aea365c424 adjust API naming 2020-01-28 15:09:31 +01:00
Erik Krogh Kristensen
cb16116b4d adjust type-tracking on custom EventEmitters 2020-01-28 14:00:26 +01:00
Asger F
701d9989be Apply suggestions from code review 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-01-28 12:46:51 +00:00
Asger F
310dd05185 Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-01-28 12:46:34 +00:00
semmle-qlci
5ab6457370 Merge pull request #2699 from asger-semmle/js/callback-doc-typo 
Approved by max-schaefer
 2020-01-28 11:00:49 +00:00
Asger Feldthaus
b306571d52 JS: Type-track react component factories 2020-01-28 10:22:04 +00:00
Erik Krogh Kristensen
082967a629 add EventEmitter models for net.createServer() and respjs. 2020-01-28 09:38:38 +01:00
Erik Krogh Kristensen
a2e54b1477 add support for this references in classes that extend EventEmitter 2020-01-28 09:37:54 +01:00
Asger Feldthaus
3d567eb889 JS: Close an unterminated code block 2020-01-27 12:03:58 +00:00
semmle-qlci
8a6de11268 Merge pull request #2689 from erik-krogh/LastEventEmitters 
Approved by esbena
 2020-01-27 08:55:33 +00:00
semmle-qlci
7d9956e3f3 Merge pull request #2675 from erik-krogh/WebSocket 
Approved by esbena
 2020-01-27 08:40:37 +00:00
Erik Krogh Kristensen
8492f6031f reuse existing type-tracking for classes 2020-01-24 13:36:32 +01:00
Erik Krogh Kristensen
0b55aed626 use the EventEmitter registration methods instead of just "on" 2020-01-24 13:06:00 +01:00
Erik Krogh Kristensen
148ec9aad0 fix typos 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2020-01-24 12:36:03 +01:00
Asger Feldthaus
7fa0fea253 TS: Address comments in guessMainFile 2020-01-24 10:11:53 +00:00
Asger Feldthaus
1f647223e0 TS: Move definition of mainStr 2020-01-24 10:02:06 +00:00
Asger Feldthaus
9ed77585a7 Merge branch 'ts-monorepo-deps' of github.com:asger-semmle/ql into ts-monorepo-deps 2020-01-24 09:58:35 +00:00
Asger F
5448bffede Update javascript/extractor/lib/typescript/src/main.ts 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
 2020-01-24 09:58:27 +00:00
Asger Feldthaus
3ca5a3dbe4 TS: Document nodeModulesRex 2020-01-24 09:57:40 +00:00